Vulnerabilities > Wpmet > Metform Elementor Contact Form Builder > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-06-09 | CVE-2023-0709 | Unspecified vulnerability in Wpmet Metform Elementor Contact Form Builder The Metform Elementor Contact Form Builder for WordPress is vulnerable to Cross-Site Scripting by using the 'mf_last_name' shortcode to echo unescaped form submissions in versions up to, and including, 3.3.0. | 5.4 |
| 2023-06-09 | CVE-2023-0710 | Unspecified vulnerability in Wpmet Metform Elementor Contact Form Builder The Metform Elementor Contact Form Builder for WordPress is vulnerable to Cross-Site Scripting by using the 'fname' attribute of the 'mf_thankyou' shortcode to echo unescaped form submissions in versions up to, and including, 3.3.0. | 5.4 |
| 2023-06-09 | CVE-2023-1843 | Unspecified vulnerability in Wpmet Metform Elementor Contact Form Builder The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to unauthorized permalink structure update due to a missing capability check on the permalink_setup function in versions up to, and including, 3.3.0. | 5.3 |
| 2023-03-02 | CVE-2023-0084 | Unspecified vulnerability in Wpmet Metform Elementor Contact Form Builder The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via text areas on forms in versions up to, and including, 3.1.2 due to insufficient input sanitization and output escaping. | 6.1 |
| 2023-03-02 | CVE-2023-0085 | Unspecified vulnerability in Wpmet Metform Elementor Contact Form Builder The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to reCaptcha Bypass in versions up to, and including, 3.2.1. | 5.3 |